
How to protect your business against ransomware attacks?

In our last blog, we explored the costly rise of cybercrime and ransomware attacks, and how governments are responding to rising pressure with new laws and regulations.  

As the legislation around cybersecurity tightens, the potential cost of ransomware attacks becomes bigger for businesses, as they may now face fines on top of the intrinsic implications of breaches. 

So, how can you avoid the worst-case scenario and protect yourself from ransomware attacks in the first place? While cybercriminals are becoming more and more sophisticated, there are many practical actions that businesses can take to improve their resilience. 

In this blog, we explore some of the most effective ways that businesses can protect themselves against damaging and costly ransomware attacks. 

1. Keep your software up to date 

Cybercriminals often exploit vulnerabilities in unpatched systems and software to attack their victims.  Ensuring effective patch management within your estate is crucial for minimising the risk of falling victim to a ransomware attack. 

Incidents such as the WannaCry attack in 2017, which affected around 230,000 computers globally, highlighted to many companies that they had neglected this area. In a nutshell, the attackers exploited a vulnerability that had already been addressed in an update, but many users who hadn’t, or weren’t able to, update their systems were left exposed.

Many are guilty of occasionally delaying a software update, but staying on top of these updates is one of the simplest and most effective ways of strengthening your business’s cybersecurity and reducing the risk of ransomware attacks. 

2. Back up your data regularly

Taking regular data backups should be an essential part of any cyber strategy. If cybercriminals do make it past your business’s preventative measures, having backups in place will significantly improve the recovery process. In some attacks, cybercriminals bank on the victim’s desperation to pay the ransom to get their data back, so taking regular backups is crucial.

When it comes to storing backups, simply relying on on-site locations is not always enough. Instead, businesses should consider using multiple storage systems to ensure backups can always be accessed. 

Cloud services are one of the most cost-effective and secure data storage options, and they also tend to provide access to recovery versions of files. While taking backups doesn’t prevent ransomware attacks, it can significantly mitigate the negative consequences. 

3. Provide security awareness training to your employees 

Humans tend to be the weakest link when it comes to cybersecurity. That’s why having a cyber education and awareness strategy is a must for any business looking to protect itself against ransomware attacks. Staff are often the target of phishing emails, so it is important that they know how to recognise and avoid such scams. In fact, 4 in 10 ransomware attacks start from phishing.

Regular refresher training and reminders to be vigilant can go a long way, rather than only providing a “one and done” set training course that is never revisited. 

Some examples of good training methods to protect your business against ransomware: 

  • Phishing training and internal phishing campaigns 
  • Acceptable use of systems  
  • Email and communications   

4. Use multi-factor authentication (MFA) 

One of the primary methods hackers use to gain access to systems is stealing valid user credentials. By using MFA, an organisation creates an additional barrier that an attacker will need to overcome to access systems, even if they have valid user credentials. In addition, MFA provides an additional alerting mechanism when an attacker attempts to use credentials, informing users that their password has likely been compromised.

MFA is recommended for all users but it’s most important for those with elevated privileges or access to high-value assets. 

5. Network Segmentation

If ransomware is successfully installed in your environment, it will seek to propagate itself as widely as it possibly can to infect the largest number of files before activating. 

Ransomware is, therefore, most damaging when it is installed on “flat” networks, or networks with no internal segments or controls.   

A segmented network can contain the spread of ransomware by preventing it from moving laterally across the entire network. If one segment of the network is compromised, the ransomware should be isolated to that segment, preventing it from infecting the rest of the network.  

Segmentation can be achieved in a variety of ways including the use of network devices such as routers and firewalls or virtually using VLANs. 
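The containment effect described above can be checked on paper before touching any firewall. The following is an added example, not part of the original article: it models allowed traffic between segments and computes how far a compromise could spread from one starting segment. The segment names and rule sets are constructed for illustration, and the model assumes the worst case, in which every segment reached becomes a new starting point.

```python
from collections import deque

# Constructed segment names for illustration only.
SEGMENTS = ["workstations", "servers", "backups", "finance", "guest-wifi"]

# Flat network: every segment may open connections to every other segment.
FLAT = {src: [dst for dst in SEGMENTS if dst != src] for src in SEGMENTS}

# Segmented network: only the listed source -> destination flows are allowed.
SEGMENTED = {
    "workstations": ["servers"],
    "finance": ["servers"],
    "servers": ["backups"],
    "backups": [],
    "guest-wifi": [],
}

def blast_radius(start, allowed_flows):
    """Return the sorted segments reachable from `start` via allowed flows.

    Breadth-first search; reach is transitive because a compromised
    segment is assumed to be usable as the next hop.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst in allowed_flows.get(src, ()):
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return sorted(seen)

def compare(start):
    """Blast radius of one starting segment under both designs."""
    return {
        "flat": blast_radius(start, FLAT),
        "segmented": blast_radius(start, SEGMENTED),
    }

if __name__ == "__main__":
    for segment in ("guest-wifi", "workstations"):
        print(segment, compare(segment))
```

In the segmented model the guest network reaches nothing, but workstations still reach the backups through the servers segment, which is the kind of indirect path a segmentation review should look for.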

6. Limit user access privileges

User access should be granted using the principle of least privilege where users are given the minimum level of access necessary to perform their job role. 

Only give users the access they need to do their jobs, and regularly review user access rights to ensure staff are not retaining unnecessary privileges. Restricting user access will limit the ability of an attacker to deploy ransomware within your estate should user credentials be compromised and will require the attacker to take further action to escalate privileges to successfully carry out the attack.  

7. Ensure endpoints are well protected

Endpoints, such as desktops, laptops, and mobile devices, are often the entry point for ransomware attacks. Ensuring that endpoints are well protected is crucial in preventing ransomware attacks. This includes installing and regularly updating antivirus and anti-malware software, using host-based firewalls, and keeping all software and operating systems up to date with the latest security patches. More advanced endpoint management systems allow for the automatic isolation of user devices if malware is detected, preventing the device from spreading malware further into the network.  

8. Deploy email protection and filtering tools

Email is a common vector for ransomware attacks. Deploying email protection and filtering tools can help prevent malicious emails from reaching users’ inboxes and potentially infecting their systems. These tools can filter out suspicious emails, block attachments that may contain ransomware, and flag emails with suspicious links or content. 

9. Application whitelisting

Application whitelisting is a security measure that allows only pre-approved applications to run on a system or network, while blocking all other applications, including unknown or potentially malicious ones. By implementing application whitelisting, you may be able to prevent ransomware from executing on a system, unless the ransomware has been configured in such a way as to appear like a whitelisted application.
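How much protection an allow-list gives depends on what the rule actually checks. The following is an added example, not part of the original article: it compares a rule that trusts a file name with a rule that trusts a SHA-256 digest of the file contents, using two constructed files that share one name. The file names, directories and allow-list contents are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def allowed_by_name(path, approved_names):
    """Weak rule: trusts the file name alone, so a look-alike name passes."""
    return os.path.basename(path).lower() in approved_names

def allowed_by_hash(path, approved_hashes):
    """Stronger rule: trusts only files whose contents match an approved digest."""
    return sha256_of(path) in approved_hashes

def evaluate_rules():
    """Create two constructed files sharing one name and apply both rules."""
    with tempfile.TemporaryDirectory() as root:
        approved = os.path.join(root, "approved", "report-tool.exe")
        lookalike = os.path.join(root, "downloads", "report-tool.exe")
        samples = {
            approved: b"constructed sample: the approved application",
            lookalike: b"constructed sample: unknown program reusing the name",
        }
        for path, content in samples.items():
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(content)
        approved_names = {"report-tool.exe"}      # hypothetical name allow-list
        approved_hashes = {sha256_of(approved)}   # digest recorded at approval
        return {
            "approved_by_name": allowed_by_name(approved, approved_names),
            "lookalike_by_name": allowed_by_name(lookalike, approved_names),
            "approved_by_hash": allowed_by_hash(approved, approved_hashes),
            "lookalike_by_hash": allowed_by_hash(lookalike, approved_hashes),
        }

if __name__ == "__main__":
    for rule, verdict in evaluate_rules().items():
        print(f"{rule}: {'allow' if verdict else 'block'}")
```

The name rule allows both files, while the digest rule allows only the approved one; a digest-based list has to be refreshed whenever an approved application is updated.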

10. Get a cybersecurity assessment

A ransomware attack can be devastating for an organisation, and typically it could have been prevented, or mitigated, had the right preventative measures been taken. Suffering financial and reputational damage is an expensive way of learning where your vulnerabilities are, and it can be a lot cheaper to turn to experts before an attack occurs. 

An expert cybersecurity assessment helps you understand the state of your current cybersecurity and gives you practical and personalised recommendations on how to protect your business against ransomware attacks and improve resilience. 

11. Take out a cyber insurance policy

If the worst does happen, an insurance policy can mitigate any financial losses you may suffer following an attack. Make sure any policy you do take covers ransomware and is proportionate to any potential losses you may suffer as a result.

Preventative measures are crucial for protecting against ransomware attacks

Good cybersecurity ensures that protection methods are already in place before an attack occurs. Waiting to take action only after a breach occurs can be a costly lesson, highlighting the importance of a proactive mindset from cyber leaders.  

It’s key that preventative measures are used as part of a multifaceted strategy, rather than relying on one tactic in isolation. From using MFA to providing cyber training to employees, every preventative technique serves its own purpose, and each creates an additional barrier for a malicious actor to overcome. 

Although no defence measure has a 100% success rate, taking these actions will greatly reduce the chance of cybercriminals being successful and help protect your business against ransomware attacks. 

Concerned about security in your organisation? Talk to our team of cybersecurity specialists to find out more about our services. 


Thanks to Principal Security Consultant David Cooper and Cyber Security Consultant Daria Volynskaya for their contributions to this piece.
